CVE-2016-10972
published 2019-09-16

CVE-2016-10972: The newspaper theme before 6.7.2 for WordPress has a lack of options access control via td_ajax_update_panel.

Priority: P179, critical
CVSS 3.1: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Tags: ITW, EXPLOIT, VulnCheck KEV
Exploited in the wild
EPSS: 9.27% (94.7th percentile)

Affected

1 range

Vendor    Product      Version range    Fixed in
tagdiv    newspaper    < 6.7.2          6.7.2

Detection & IOCs (extracted from sources)

url: /wp-content/themes/Newspaper/style.css
other: td_ajax_update_panel
  • Probe for the Newspaper theme style.css and extract the version string; versions >= 6.4 and <= 6.7.1 are vulnerable.
  • Version number can be extracted from the theme stylesheet body using the regex pattern 'Version: ([0-9.]+)'.
  • FOFA/Shodan fingerprint: search for sites whose body contains 'wp-content/themes/mTheme-Unus/' to identify potentially vulnerable Newspaper theme installations.
  • Monitor WordPress AJAX requests targeting the 'td_ajax_update_panel' action, especially from unauthenticated or low-privilege users, as this is the vulnerable endpoint enabling privilege escalation.
  • The vulnerability affects Newspaper Theme versions 6.4 through 6.7.1 only; version 6.7.2 and later are patched.
  • The exploit requires no authentication (PR:N, UI:N per CVSS), meaning any unauthenticated remote attacker can trigger the privilege escalation via the exposed AJAX endpoint.
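
The two checks described in the list above, written as an added example for auditing your own installation (not code from this page or its sources). The function names, the request-record fields and the sample data are assumptions constructed for illustration; the version pattern, the version bounds and the action name are the ones quoted on this page.

```python
import re

VERSION_RE = re.compile(r"Version: ([0-9.]+)")  # pattern quoted on this page
FIRST_AFFECTED = (6, 4)   # detection notes: 6.4 through 6.7.1 are vulnerable
FIXED_IN = (6, 7, 2)      # 6.7.2 and later are patched
ACTION = "td_ajax_update_panel"

def parse_version(stylesheet_text):
    """Return the theme version as a tuple of ints, or None if absent."""
    m = VERSION_RE.search(stylesheet_text)
    if not m:
        return None
    parts = [p for p in m.group(1).split(".") if p]
    return tuple(int(p) for p in parts) if parts else None

def _pad(v, n=4):
    # Pad with zeros so (6, 4) and (6, 4, 0) compare as equal.
    return tuple(v) + (0,) * (n - len(v))

def classify(stylesheet_text):
    """Classify the contents of the theme's own style.css."""
    v = parse_version(stylesheet_text)
    if v is None:
        return "unknown"          # no version header: inspect manually
    if _pad(v) >= _pad(FIXED_IN):
        return "patched"
    if _pad(v) >= _pad(FIRST_AFFECTED):
        return "vulnerable"
    # The Affected table lists everything below 6.7.2, while the detection
    # notes confine the flaw to 6.4-6.7.1; report older builds separately.
    return "below-range"

def suspicious_requests(records):
    """Return AJAX request records for ACTION not made by an administrator."""
    return [r for r in records
            if r.get("action") == ACTION and r.get("role") != "administrator"]

# Constructed sample data (not taken from any real site or log).
SAMPLE_CSS = "/*\nTheme Name: Newspaper\nVersion: 6.7.1\n*/"
SAMPLE_REQUESTS = [
    {"ip": "192.0.2.10", "action": ACTION, "role": None},           # no session
    {"ip": "192.0.2.11", "action": ACTION, "role": "subscriber"},
    {"ip": "192.0.2.12", "action": ACTION, "role": "administrator"},
    {"ip": "192.0.2.13", "action": "heartbeat", "role": None},
]

if __name__ == "__main__":
    print(classify(SAMPLE_CSS))
    for r in suspicious_requests(SAMPLE_REQUESTS):
        print("review:", r["ip"], r["role"])
```

The action name normally travels in the POST body, so the request records have to come from a source that logs it, such as a WAF or application-level logging.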

CVSS provenance

Source       Version    Score    Severity    Vector
nvd          v3.1       9.8      CRITICAL    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd          v2.0       7.5      HIGH        AV:N/AC:L/Au:N/C:P/I:P/A:P
vulncheck               9.8      CRITICAL